
Configuring authentication subsystems

The examples in this section show how to express various authentication
configuration requirements as subsystem instances in the authentication chain. They also
explain how the authentication chain integrates the functions of multiple subsystem instances
into a more powerful whole, letting you cater for even the most complex authentication
scenarios.
The examples demonstrate the flexibility and power of an
authentication chain: you can combine the strengths of a variety of different authentication
protocols and keep the user database synchronized almost transparently.

The authentication configuration examples adopt the following
structured approach:

1. Decide the authentication chain composition (required subsystem
   types, instance names, order of precedence) and express this in the
   alfresco-global.properties file.

2. For each subsystem instance:

   a. Locate the properties files for its subsystem type. These
      properties files define the configurable properties for that
      subsystem type and their default values.

   b. Create a folder named after the subsystem instance under the extension folders.

   c. Copy the properties files into your new folder.

   d. Edit the properties files to record the required configuration of the subsystem
      instance.
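
The per-instance steps above can be scripted. The following shell function is an added example, not Alfresco's own tooling: it validates a chain definition and creates one override folder per instance. The chain syntax (instance:type,instance:type), the directory layout (DEFAULTS/<type>/ for shipped defaults, EXT/<type>/<instance>/ for overrides) and the instance names are assumptions made for illustration.

```shell
# Added example. Assumed layout (not from the page): DEFAULTS/<type>/*.properties
# holds the shipped defaults and overrides go in EXT/<type>/<instance>/.
# Assumed chain syntax: "instance:type,instance:type", highest precedence first.
# Usage: scaffold_chain "alfrescoNtlm1:alfrescoNtlm,passthru1:passthru" DEFAULTS EXT
scaffold_chain() (   # subshell body: the IFS change below stays local
  chain=$1 defaults=$2 ext=$3 seen=" "
  # Reject anything outside a conservative character set before it reaches a path.
  case $chain in
    ''|*[!A-Za-z0-9_:,-]*) echo "invalid chain: '$chain'" >&2; return 1 ;;
  esac
  IFS=,
  for entry in $chain; do
    instance=${entry%%:*} type=${entry#*:}
    case $entry in
      *:*:*|:*|*:|'') echo "malformed entry: '$entry'" >&2; return 1 ;;
      *:*) ;;
      *) echo "malformed entry: '$entry'" >&2; return 1 ;;
    esac
    # Instance names must be unique, or two instances would share one folder.
    case $seen in
      *" $instance "*) echo "duplicate instance: $instance" >&2; return 1 ;;
    esac
    seen="$seen$instance "
    if [ ! -d "$defaults/$type" ]; then
      echo "no default properties for type: $type" >&2; return 1
    fi
    dest="$ext/$type/$instance"
    mkdir -p "$dest" || return 1
    for f in "$defaults/$type"/*.properties; do
      [ -f "$f" ] || continue
      # Never overwrite a copy that has already been edited.
      [ -e "$dest/${f##*/}" ] || cp "$f" "$dest/" || return 1
    done
    echo "$instance ($type) -> $dest"
  done
)
```

Because existing files are never overwritten, the function can be re-run after the chain changes without losing edits already made to an instance's properties.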

Configuring external authentication
Use this information to enable the external authentication subsystem using the alfresco-global.properties file and the Admin Console in Share.

Configuring alfrescoNtlm
alfrescoNtlm is the subsystem configured by default in the Alfresco Community Edition authentication chain. It performs authentication based on user and password information stored in the repository. It is capable of supporting both form-based login and NTLM-based Single Sign-On (SSO), as well as providing authentication for the CIFS server.

Configuring pass-through
The pass-through (passthru) subsystem can be used to replace the standard user database with a Windows server/domain controller, or list of servers, to authenticate users accessing Alfresco Community Edition. This saves having to create user accounts within Alfresco Community Edition.

Configuring Kerberos
The Java Authentication and Authorization Service (JAAS) is used within the Kerberos subsystem to support Kerberos authentication of user names and passwords. You can choose to use Kerberos against an Active Directory server in preference to LDAP or NTLM as it provides strong encryption without using SSL. It would still be possible to export user registry information using a chained LDAP subsystem.

Share SSO log in bypass
When configuring Share authentication as NTLM SSO, you can bypass the SSO authentication so that it is possible to log in as a different user than the one used in the Windows version.
